authorRavinder Konka <rkonka@codeaurora.org>2015-03-10 22:04:54 -0700
committerScott Mertz <scott@cyngn.com>2015-10-13 17:16:44 -0700
commit215fe00636bb2f7aaf9be9b9d1591578b010a561 (patch)
tree9a0d654ac57c6cbcefb2c1cc4269d0ac7ee0c41e
parent9fd9a390c685f3485ee67d0ea505436203f310f4 (diff)
DPM : sepolicy: allow netdomain access to cnd and dpmd (stable/cm-12.1-YOG4P)
Allow entities with netdomain permission access to cnd and dpmd.
Allow cnd to set socket options.

CYNGNOS-1222
Change-Id: Idf812e8e9db38bb319978c98588c0d9dfa1947f9
(cherry picked from commit 06765fd28cb401e31ab0f432001b447d5b5aa0c5)
-rw-r--r--common/cnd.te2
-rw-r--r--common/net.te32
-rw-r--r--sepolicy.mk3
3 files changed, 35 insertions, 2 deletions
diff --git a/common/cnd.te b/common/cnd.te
index 21e708a3..91bc97d5 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -58,7 +58,7 @@ allow cnd appdomain:tcp_socket rw_socket_perms;
# allow cnd to communicate with system_server
allow cnd system_server:dir search;
allow cnd system_server:file { read open };
-allow cnd system_server:tcp_socket { write getattr shutdown getopt read bind };
+allow cnd system_server:tcp_socket { write getattr shutdown getopt read bind setopt };
# allow cnd to communicate with mediaserver
allow cnd mediaserver:dir search;
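Review bot: The `setopt` added to `allow cnd system_server:tcp_socket { ... }` lets cnd change options on TCP sockets labelled as system_server's, and neither the rule nor the comment above it records which option or use case requires it. The existing comment only says "communicate with system_server"; I would extend it along the lines of `# setopt: cnd adjusts options on system_server sockets for <use case>` so a later audit can tell whether the permission is still needed. This line spells out an explicit permission set rather than using `rw_socket_perms` as the appdomain rule in the hunk header does, so each addition to it deserves a stated reason.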
diff --git a/common/net.te b/common/net.te
new file mode 100644
index 00000000..5005e40b
--- /dev/null
+++ b/common/net.te
@@ -0,0 +1,32 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow netdomain access to cnd
+unix_socket_connect(netdomain, cnd, cnd)
+
+# allow netdomain access to dpmd
+unix_socket_connect(netdomain, dpmwrapper, dpmd)
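Review bot: Both `unix_socket_connect(netdomain, ...)` rules open the cnd and dpmd sockets to every domain carrying the `netdomain` attribute, which on a typical Android policy includes app domains with network access, so SELinux no longer narrows which clients can reach these daemons. The two comments only restate the rules; they should name the clients that need the connection and state the trust assumption, e.g. `# any netdomain client (incl. apps) may connect; cnd must treat the peer as untrusted and validate every request`. If only a few domains actually need this, listing them instead of `netdomain` would keep the grant closer to least privilege. Nothing in this diff shows how cnd or dpmd authenticate or validate callers on these sockets, so that is worth confirming alongside the policy change.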
diff --git a/sepolicy.mk b/sepolicy.mk
index ae5f4d77..d862bc1d 100644
--- a/sepolicy.mk
+++ b/sepolicy.mk
@@ -89,7 +89,8 @@ BOARD_SEPOLICY_UNION += \
energyawareness.te \
hbtp.te \
dtsconfigurator.te \
- vold.te
+ vold.te \
+ net.te
-include device/qcom/sepolicy/$(TARGET_BOARD_PLATFORM)/Android.mk